On 2012-11-09 21:26, David Wainberg wrote:
> Now I feel like we're talking past each other. The language you
> proposed previously does, as I said, go in the direction of what I'm
> proposing. Here's Walter's text:
>
> _A UA MUST incorporate detection mechanisms for alteration of
> DNT-preferences by third-party software (including third-party
> UA-extensions and plugins) and MUST upon detection of such changes
> verify with the user that they reflect the user's intentions. The UA
> MAY provide the user with the option to ignore future changes in the
> DNT-preferences or to automatically change them back to a user-set
> preference. _
Yes, and I feel that this would require an UA to check whether its
stored DNT preferences have been changed, just like UAs tend to check
whether they are the default UA. This does not require an UA to
guaranteee the DNT preferences have not been changed since one could
think of several ways of circumventing that. And to probably clarify it
further, since it is impossible to check for sure that the preference
transmitted over HTTP is the same as the one stored in the UA, I think
this should not require an UA to even try to check that.
The reason I proposed this is that I think it is not unreasonable to
require some diligence as to to ascertain that the DNT preference
reflects the actual intents of the user. My worries are more about
DNT:0, yours happen to be about DNT:1, but we both feel that the
'informed' bit of the expressed consent/lack of consent should be taken
seriously.
Where we may have disagreement on is on the question at which point due
diligence becomes undue diligence. The text as proposed (and perhaps
after some refinement given the different way you may have read it) puts
in an, in my opinion, acceptable and feasible level of that. I would
welcome feedback from UA makers on this, they are likely to have a more
informed opinion on this than I have.
Regards,
Walter